CybersecurityFramework

CMMC

Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.

Overview

The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide provides detailed criteria and methodologies used by assessors to evaluate whether defense contractors meet required cybersecurity controls for protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). It supports a tiered assessment model aligned with three maturity levels, defining specific practices, objectives, and evidence needed to demonstrate compliance with standards such as NIST SP 800-171. The guide ensures consistency and rigor in assessments by outlining how controls are verified, including documentation review, interviews, and testing procedures. It is used to validate that organizations have effectively implemented required safeguards as a condition for participating in U.S. Department of Defense contracts.

Related in Cybersecurity

CybersecurityFrameworkStandard

CCM v4.1 — Cloud Controls Matrix v4.1

The Cloud Controls Matrix (CCM) v4.1 is a cybersecurity control framework that consists of 207 controls across 17 security domains, specifically tailored for cloud security and privacy. The Consensus Assessment Initiative Questionnaire (CAIQ) accompanies the CCM, offering a set of assessment questions to evaluate security controls.

Cloud Security Alliance (CSA) • v4.1

View details
CybersecurityStandard

SOC-CMM — SOC-CMM Assessment Tool

The SOC-CMM model is a capability maturity model that can be used to perform a self-assessment of your Security Operations Center (SOC). The model is based on review conducted on literature regarding SOC setup and existing SOC models as well as literature on specific elements within a SOC. The literature analysis was then validated by questioning several Security Operations Centers in different sectors and on different maturity levels to determine which elements were actually in place. The output from the survey, combined with the initial analysis is the basis for this self-assessment. For more information regarding the scientific background and the literature used to create the SOC-CMM self-assessment tool, please refer to the thesis document as available through: https://www.soc-cmm.com/

SOC-CMM

View details
CybersecurityRegulation

EU Digital Services Act — Regulation (EU) 2022/2065 - EU Digital Services Act

The Digital Services Act (DSA) (Regulation (EU) 2022/2065) establishes a comprehensive framework for regulating online intermediary services, platforms, and marketplaces across the European Union to create a safer and more transparent digital environment. The regulation introduces obligations for online platforms to address illegal content, improve transparency in content moderation and advertising, protect users' rights, and manage systemic risks such as disinformation and harmful content. It also imposes enhanced requirements on very large online platforms and search engines, while preserving fundamental rights, consumer protection, and innovation. Overall, the DSA aims to harmonize rules across the EU and increase accountability for digital service providers operating within the Single Market.

European Union • EU

View details
CybersecurityRegulation

EU Data Act — Regulation (EU) 2023/2854 - EU Data Act

The EU Data Act (Regulation (EU) 2023/2854) establishes harmonized rules to make data generated by connected products and related digital services more accessible and usable across the European Union. It gives users of connected devices, such as IoT products, the right to access and share the data they generate with third parties, while requiring data holders to provide that data under fair, reasonable, and non-discriminatory conditions. The regulation aims to reduce barriers to data sharing, promote innovation and competition, enable easier switching between cloud and data-processing services, and support public-sector access to data in situations of exceptional need, while preserving data protection, privacy, intellectual property rights, and trade secret safeguards. Overall, the Data Act is designed to create a fairer and more competitive European data economy by empowering users and improving access to valuable data resources.

European Union • EU

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call